CVE-2026-7876
Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
27 may 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19 is affected by an authentication bypass vulnerability. A transfer client may be able to take advantage of this vulnerability to access files in the server's local storage that they should not have access to, when specific restriction settings are not in place.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Productos afectados
IBM · Aspera HSTS for CP4I